RE: Network Statistics

From: Allan Jude (937863_at_primus.ca)
Date: 05/14/03

    To: "'PsYxAkIaS (FreeBSD)'" <freebsd@psyxakias.com>
    Date: Wed, 14 May 2003 11:46:03 -0400
    
    

    Ipband

    It's in the ports tree, it is meant to email you whenever any of your IPs
    goes over a set limit (300kb/sec)
    You can change a bit of code to make it install firewall rules rather
    than email you

    -----Original Message-----
    From: owner-freebsd-isp@freebsd.org
    [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of PsYxAkIaS (FreeBSD)
    Sent: Wednesday, May 14, 2003 7:46 AM
    To: freebsd-isp@freebsd.org
    Subject: Network Statistics

    Hey all

    I am currently using tcpstat to check if I am getting attacked, tcpdump
    to trace the IPs and what type of attack and ipfw firewall to block
    them. Sometimes trafshow too but on big attacks trafshow isn't helpful.

    1. Do you have any other utils than tcpdump to suggest?

    2. I was thinking to make a script to auto-block (via ipfw firewall) any
    IP that spends 300 kb/sec for more than 1 minute. Do you know any tools
    that may show me which of my IPs are getting more than 300 kb/sec? I
    hope you got my point

    Best Regards
    _______________________________________________
    freebsd-isp@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

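The check discussed in this thread (an IP staying above 300 kb/sec for more than 1 minute, then an ipfw rule instead of an email), as an added example that is not part of either message and is not ipband's code. It assumes "300 kb/sec" means kilobytes per second, that per-IP cumulative byte counters are sampled periodically, and that the rule number and deny direction are the operator's choice; the readings are constructed.

```python
LIMIT = 300 * 1024   # assumption: the thread's "300 kb/sec" read as kilobytes/second
MIN_SECONDS = 60     # the rate must stay above LIMIT for more than this long


def sustained_offenders(samples, limit=LIMIT, min_seconds=MIN_SECONDS):
    """samples: iterable of (unix_time, ip, cumulative_byte_counter).

    Returns {ip: longest_seconds_over_limit} for each IP whose rate stayed
    above `limit` across consecutive readings for more than `min_seconds`.
    """
    last = {}          # ip -> (time, counter) of the previous reading
    streak_start = {}  # ip -> time the current over-limit streak began
    offenders = {}
    for ts, ip, counter in sorted(samples):
        if ip in last:
            prev_ts, prev_counter = last[ip]
            elapsed, delta = ts - prev_ts, counter - prev_counter
            if elapsed <= 0 or delta < 0:
                # duplicate timestamp or counter reset: rate unknown, restart
                streak_start.pop(ip, None)
            elif delta / elapsed > limit:
                start = streak_start.setdefault(ip, prev_ts)
                if ts - start > min_seconds:
                    offenders[ip] = max(offenders.get(ip, 0), ts - start)
            else:
                streak_start.pop(ip, None)  # fell below the limit: streak ends
        last[ip] = (ts, counter)
    return offenders


def ipfw_rules(offenders, first_rule=2000):
    """Render (do not run) one ipfw deny rule per flagged IP for review.
    Assumption: traffic to the accounted address is what gets dropped."""
    return [f"ipfw add {first_rule + i} deny ip from any to {ip}"
            for i, ip in enumerate(sorted(offenders))]


# Constructed readings: (seconds, IP, cumulative bytes), one every 20 s.
TIMES = range(0, 100, 20)
STEADY = [(t, "192.0.2.10", t * 400_000) for t in TIMES]      # 400 kB/s for 80 s
BURST = [(t, "192.0.2.20", c) for t, c in zip(                 # 40 s burst only
    TIMES, (0, 8_000_000, 16_000_000, 16_100_000, 16_200_000))]
RESET = [(t, "192.0.2.30", c) for t, c in zip(                 # counter reset at 60 s
    TIMES, (0, 8_000_000, 16_000_000, 1_000_000, 9_000_000))]
SAMPLES = STEADY + BURST + RESET

if __name__ == "__main__":
    for rule in ipfw_rules(sustained_offenders(SAMPLES)):
        print(rule)
```

Only the steady flow is flagged; the short burst and the flow interrupted by a counter reset are not, which keeps a brief spike or a restarted counter from triggering a block.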

